← back
CVE-2025-43789

CVE-2025-43789

CVSS 1 LOWEPSS 0.2%CWE-863
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed.
CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Liferay · DXPLiferay · Portal

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43789